Chris@18: assertSession(); Chris@18: $system_path = $this->buildUrl(drupal_get_path('module', 'system')); Chris@18: $http_path = $system_path . '/tests/http.php/user/login'; Chris@18: $https_path = $system_path . '/tests/https.php/user/login'; Chris@18: // Generate a valid simpletest User-Agent to pass validation. Chris@18: $this->assertTrue(preg_match('/test\d+/', $this->databasePrefix, $matches), 'Database prefix contains test prefix.'); Chris@18: $this->agent = drupal_generate_test_ua($matches[0]); Chris@18: Chris@18: // Test pages only available for testing. Chris@18: $this->drupalGet($http_path); Chris@18: $assert_session->statusCodeEquals(200); Chris@18: $this->drupalGet($https_path); Chris@18: $assert_session->statusCodeEquals(200); Chris@18: Chris@18: // Now slightly modify the HMAC on the header, which should not validate. Chris@18: $this->agent = 'X'; Chris@18: $this->drupalGet($http_path); Chris@18: $assert_session->statusCodeEquals(403); Chris@18: $this->drupalGet($https_path); Chris@18: $assert_session->statusCodeEquals(403); Chris@18: Chris@18: // Use a real User-Agent and verify that the special files http.php and Chris@18: // https.php can't be accessed. Chris@18: $this->agent = 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12'; Chris@18: $this->drupalGet($http_path); Chris@18: $assert_session->statusCodeEquals(403); Chris@18: $this->drupalGet($https_path); Chris@18: $assert_session->statusCodeEquals(403); Chris@18: } Chris@18: Chris@18: /** Chris@18: * {@inheritdoc} Chris@18: */ Chris@18: protected function prepareRequest() { Chris@18: $session = $this->getSession(); Chris@18: if ($this->agent) { Chris@18: $session->setCookie('SIMPLETEST_USER_AGENT', $this->agent); Chris@18: } Chris@18: else { Chris@18: $session->setCookie('SIMPLETEST_USER_AGENT', drupal_generate_test_ua($this->databasePrefix)); Chris@18: } Chris@18: } Chris@18: Chris@18: }